Discussion in 'other anti-malware software' started by DriveSentry, May 19, 2008.
Have a look here
Thanks Tony. I haven't seen that until now, but I did go ahead and remove DS for now. May run it later when my license is up for NOD.
Is it safe that the exe files listed have these rules?
This is what was auto-created after installing the new DS 18.104.22.168:
can write to removable media
can write to the registry
can write *(any) files anywhere
Where it says "Number of logs to store 1024", does this refer to the number of lines in the log window or the number of log files stored?
If it stores logs on my system, then where would they be? I have looked in the DS folder in Program Files.
Also, in the log window of DriveSentry, I would like the ability to set the order of the list by category: status, destination, source, date/time.
P.S. Is the .29 in 22.214.171.124 a typo? Should it read 126.96.36.199, the version before the release of 3.1.3?
My Advisor window on synchronize just has an X in the upper left, so I didn't get to see anything "funky new", but it looks cool on the main.
DriveSentry v.188.8.131.52 update available.
Is this beta or a stable release?
The list of exes has been auto-allowed via whitelisting, so they should be safe. According to the help, "Number of logs to store 1024" refers to the amount of I/O saved.
I'm running it now and it seems stable; there are now 2 builds, one with a local DB and one without.
There's a review of DriveSentry this month at Virus Bulletin -> http://www.virusbtn.com/virusbulletin/archive/2008/11/vb200811-DriveSentry I don't have a subscription, so I've no idea if it's good or bad.
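As an added illustration (this is not DriveSentry's code, and nothing in the thread says how DriveSentry actually keys or evaluates its whitelist), the Python below models the three auto-created rules quoted above against a whitelist keyed by the executable's SHA-256. It shows three things a reader of this thread would want to check: an unknown binary gets a prompt rather than a silent allow, an entry limited to the registry rule is refused a write to removable media, and "can write *(any) files anywhere" makes the removable-media rule redundant. It also shows that the check is on the on-disk image only: appending bytes to a whitelisted file turns it back into an unknown. The rule strings, SHA-256 as the key, the E: drive as removable, the HKLM/HKCU prefixes as registry targets, and all sample binaries are constructed assumptions for the demo.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Rule names copied from the auto-created DriveSentry rules quoted in the thread.
WRITE_REMOVABLE = "can write to removable media"
WRITE_REGISTRY = "can write to the registry"
WRITE_ANY_FILE = "can write *(any) files anywhere"


@dataclass(frozen=True)
class WhitelistEntry:
    sha256: str        # hash of the on-disk executable (assumed key)
    rules: frozenset   # subset of the three rule strings above


def sha256_of(path):
    """Hash a file in chunks; this is the only identity the whitelist knows."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_target(target):
    """Assumption for the demo: HK* paths are registry, E:\\ is removable media."""
    up = target.upper()
    if up.startswith(("HKLM\\", "HKCU\\")):
        return "registry"
    if up.startswith("E:\\"):
        return "removable"
    return "file"


def decide(whitelist, exe_path, target):
    """Return 'allow', 'deny' or 'prompt' for a write by exe_path to target."""
    entry = whitelist.get(sha256_of(exe_path))
    if entry is None:
        return "prompt"            # unknown binary: would raise an allow/deny popup
    kind = classify_target(target)
    if kind == "registry":
        return "allow" if WRITE_REGISTRY in entry.rules else "deny"
    if WRITE_ANY_FILE in entry.rules:
        return "allow"             # "anywhere" already covers removable media
    if kind == "removable" and WRITE_REMOVABLE in entry.rules:
        return "allow"
    return "deny"


def redundant_rules(entry):
    """Rules implied by a broader rule in the same entry."""
    if WRITE_ANY_FILE in entry.rules and WRITE_REMOVABLE in entry.rules:
        return [WRITE_REMOVABLE]
    return []


def demo():
    """Build constructed sample binaries in a temp dir and evaluate writes."""
    tmp = tempfile.mkdtemp()
    full = os.path.join(tmp, "full.exe")
    limited = os.path.join(tmp, "limited.exe")
    unknown = os.path.join(tmp, "unknown.exe")
    for path, body in ((full, b"MZ full"), (limited, b"MZ limited"),
                       (unknown, b"MZ unknown")):
        with open(path, "wb") as f:
            f.write(body)          # constructed stand-ins, not real PE files
    whitelist = {
        sha256_of(full): WhitelistEntry(
            sha256_of(full),
            frozenset({WRITE_REMOVABLE, WRITE_REGISTRY, WRITE_ANY_FILE})),
        sha256_of(limited): WhitelistEntry(
            sha256_of(limited), frozenset({WRITE_REGISTRY})),
    }
    results = {
        "full_registry": decide(whitelist, full, r"HKCU\Software\Example"),
        "full_removable": decide(whitelist, full, r"E:\dropper.exe"),
        "full_fixed": decide(whitelist, full, r"C:\Windows\System32\drivers\x.sys"),
        "limited_registry": decide(whitelist, limited, r"HKLM\Software\Example"),
        "limited_removable": decide(whitelist, limited, r"E:\dropper.exe"),
        "unknown_fixed": decide(whitelist, unknown, r"C:\Users\me\notes.txt"),
        "redundant_in_full": redundant_rules(whitelist[sha256_of(full)]),
    }
    # Modify the whitelisted binary on disk: its hash no longer matches.
    with open(full, "ab") as f:
        f.write(b" patched on disk")
    results["patched_full"] = decide(whitelist, full, r"C:\Users\me\notes.txt")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The model only ever hashes the file on disk at decision time; it has no view of what is running in memory, which is the gap a later post in this thread raises when it asks about in-memory patching of an already-allowed process.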
My current issue with DriveSentry on one of my XP SP3 machines is that it stalls when attempting to load software that is seemingly not already on an "allow" list. CPU usage hits 100% for the DriveSentry process and the application fails to load. DriveSentry still responds to user interaction, so I'm able to issue a shutdown. Once it's shut down, the application I tried to launch appears without issue. As an example, Internet Explorer or Mozilla Firefox launch fine but K-Meleon does not. The behaviour almost seems to suggest that I'm supposed to be seeing a popup to allow/deny the application.
Not sure what might be conflicting with DriveSentry, since I've uninstalled _every_ other antivirus/malware application and I'm not suppressing popups in any way [I still see popups when a "known" application tries to do something]. Another thing of interest is that I can't add applications to the Allow list manually. I can get the file selection dialog, but after locating the file I want, it's never added to the list.
I have a similarly configured XP machine that is happily running DriveSentry and ThreatFire concurrently so it doesn't seem to be a factor external to the machine.
This has occurred on this machine for all versions of DriveSentry available over the last couple of months.
Possibly your problem is Kmeleon, if using version 1.5.1.
Unfortunately it also causes problems for other applications such as Pidgin and even mIRC [which I found interesting]. I'm also running K-Meleon 1.1.6.
Pidgin exhibits the same "fail to load" behaviour as K-Meleon but mIRC only does so after establishing server connections. The issue seems to be related to internet connectivity. I just tested FileZilla and it loaded fine, until it tried to update itself, at which point it froze until I shut down DriveSentry.
While I'm on this train of thought, I'm wondering if it has anything to do with my virtual NICs that are bridged with my physical NIC. I'll remove them and see how things go.
edit: Turns out this issue has nothing to do with bridged virtual network interfaces and everything to do with trying to run applications from an encrypted partition. As soon as the application is moved to a non-encrypted partition, everything works without issue. I'm not sure why there's only a conflict when the application tries to perform a network-related action, though. Many of these applications appeared to fail to load completely because they connect to the Internet almost immediately. Other applications, that do not establish any connections on launch, work fine otherwise.
For the record, my partition is encrypted using TrueCrypt and I'm currently running v6.0a. I might try upgrading to v6.1 but I'm not overly confident this will make any difference.
I was wondering why you have disabled Defense+, or whether you are using any particular HIPS substitute. I don't have any issue with Defense+ enabled so far.
I've tried many other HIPS products, but DriveSentry is the one least likely to have conflicts. In terms of protection, DriveSentry still needs to prove its effectiveness, since there haven't been many reliable tests done on it.
Does anyone know if the AV part of DriveSentry is home-grown or licensed technology from another AV vendor? Would be interested to know which AV vendor, if anyone knows.
Here's what I found.
DriveSentry partners with Offensive Computing and Frame4 Security Services to collect and analyze malware samples for their blacklist.
I disabled Comodo Defense+ because I found there were too many pop-ups. As an Internet firewall it's perfect with DriveSentry. I have been emailed a copy of the review by Virus Bulletin, which I have promised not to forward, but the conclusion is very positive about DriveSentry. Here's part of the conclusion:
"There is a little confusion about exactly what market DriveSentry is aimed at. During the installation process the standard messages about removing any conflicting security software are in evidence, but from personal communication with the company and various postings and discussions on forums it seems that the product is designed to be compatible with more traditional anti-malware solutions, intended as an extra layer of security in addition to, rather than in place of, these more standard products. For this purpose it seems like an ingenious, simple tool with some excellent protection capabilities. There are, as with every product, a few holes which doubtless could be exploited should the user be unlucky enough to be hit by exactly the wrong piece of malware, but this remains a danger with even the most sophisticated and complex security setup."
Drivesentry also scored 85% in the VB100 tests which impressed the reviewer as the software is an IDS/Whitelist tool and not a full blown AV product.
I also know they have some AV experts that process internally. BTW, I found out via my support contact that DriveSentry will feature real-time rootkit protection in a few weeks. I've been asked to do some beta testing.
And that's for December, and then the network firewall. Cool things to come, be ready.
Hi Katie. When I install DriveSentry it tells me to uninstall avast. Are there problems running DriveSentry with avast together?
That's very positive news. Thanks for the input, guys.
I can see DriveSentry could be the next "ISS BlackICE" but way better, or I could be mistaken.
Here's another question.
Does DriveSentry implement a heuristic engine in its malware scanner? If it does not, would it be better that way, since the obvious way to get past this whitelisting is to use an exploit that patches an in-memory process?
There is no need for a file, and the technique is used by non-persistent rootkits and other threats that can disable security software, such as anti-virus, firewalls, whitelisting programs, or most anything else.
The way I see it, AV vendors are planning to use the whitelist approach in order to achieve faster scanning of hard drives, and not as a way to increase security by allowing only whitelisted files on a system.
Whitelisting can be a valuable addition to a defense-in-depth strategy, but it is not a complete defense. So multi-layer protection is currently the best solution, so to say.
Hmm.. what's happening here? Does DriveSentry have an issue with other antivirus products? I've been asked recently about DriveSentry not being compatible with NOD32, causing the system to freeze and BSOD.
Can you uninstall avast first before installing DriveSentry? See if DriveSentry works fine, then try reinstalling your antivirus again. See if that works for you.
For the record, upgrading TrueCrypt didn't help with the issue so I've given up on DriveSentry for now.
DriveSentry and applications on TrueCrypt-encrypted partitions/containers don't seem to play well [at least for me]. It'd be interesting to see if anyone else has had problems with other encryption products, such as DriveCrypt.
Now DriveSentry works well with avast! Thanks Katie!
DriveSentry runs with most AV products, but we warn users in the install just in case there are any issues. I do know DriveSentry and Avast seem to like each other.
One of the team runs TrueCrypt and DriveSentry on a daily basis on their laptop with no issues. Do you have anything else installed that could be clashing with DriveSentry?